Legitimate Interests Assessments
Legitimate interests assessments are extremely useful for deciding whether they are the correct lawful basis for processing personal data. Although these are internal exercises used to inform and guide the decision making process, we have decided to publish our LIA's here in the interests of transparency. These are recommended best practice from the Information Commissioners Office and are a key input to our GDPR process and privacy policy
When conducting a LIA it's important to apply it to the category of personal data used. We felt it was important to complete different LIA's for each category because the legitimate interest to process data would be different for each one. We have grouped the personal data we process into 4 categories:
- Twitter Information
- Email Addresses
- IP Address, Device Info, Usage Data
- Payment Information
Twitter Information
This personal data refers to all the publicly available information you place on twitter. This includes all your profile information, such as name, username, bio, photo, location, etc. It includes the status updates and media that you share on twitter, known as tweets. It does not include private information such as direct messages, private updates, and private profile info.
Purpose Test
We want to be able to provide users with information so that they can make an informed decision about who they want to follow on twitter. We provide a directory and discovery service for twitter, so this information is key to providing that service. By being able to process twitter information we can provide a directory grouping users by interest groups. The benefit we receive is by being able to provide enhanced featured services on top of this broader discovery service. Users using the service receive a benefit of being able to find interesting profiles quickly. They also receive the benefit of increasing their public exposure and audience. The wider public receives an up-to-date and current directory service for twitter. For many users this is one of the few ways they are able to increase their twitter audience in a legitimate, compliant, and affordable way. Without this service many users would be left without a feasible way to promote their twitter profiles. We are complying with all relevant laws and twitter policy. It is in the legitimate interest of all stakeholders that public twitter information be displayed on our website to help people create better connections on twitter.
Necessity Test
It is necessary to use this public information in order to display a profile in the directory. Anonymous profiles without a name, photo, etc. would not meet the minimum standards of a directory or discovery service. Users need this information in order to evaluate who they want to follow. We don't process any twitter information that is not needed for the service. We have limited and minimized the data processed and only use information publicly shared by the individual.
Balancing Test
This data consists only of public information shared by the individual. They would not consider any of this information to be private. The individuals would also reasonably expect the data to be shared by twitter to other entities, and those entities to do the same in turn. The very aim of this data is to share it as much as possible. The data is collected legitimately via the twitter API in accordance to their policy. In our experience providing this service for many years already, no users find this use of their data to be unexpected. This data is re-shared publicly by thousands of organizations and this is a very typical use for it.
We assess this legitimate interest to be a sound lawful basis for processing public twitter information. We have assessed the risks to the individual to be very low and we have provided a safeguard by allowing any individual to remove their information should they wish. The individuals interests are aligned with ours for the processing of this data.
Email Addresses
This personal data refers to any email address provided by the user, obtained from twitter, or set up during subscription creation. We treat this personal data separately because it is generally considered private to the user. It has different legitimate interests to public data.
Purpose Test
We have a legitimate business interest to communicate with our users. We want to be able to provide them with important information about their account when the need arises. We also want to be able to provide paying customers with email copies of invoices for their records. Email addresses are also used to identify subscribers with some payment providers, such as PayPal. Users receive a benefit by being informed about important changes to their service, and by receiving payment records. We also use email to provide customer support and respond to customer queries. It is in the best interest of the customer to receive support as quickly as possible.
Necessity Test
Email is still the only viable way to communicate with a user when they are not visiting the website. We do not collect phone numbers or any other form of contact information, so processing email addresses is necessary for this purpose.
Balancing Test
We only use email addresses that the user has chosen to provide to us and twitter. They can change these at any time and can also fully remove them if they do not want to receive communication from us. We use email in compliance with PECR, and provide the relevant opt-in's and opt-out's required. Users expect to receive email from the companies they get services from, especially when they have signed up directly with those companies. They of course do not want to be bombarded with spam or promotion material, and as such we do not use it for this purpose. Individuals would also not want their email addresses shared publicly, and so we take great care to protect the privacy of these addresses.
We assess this legitimate interest to be a sound lawful basis for processing email addresses. We have assessed the risks to the individual to be very low and we have provided a safeguard by allowing any individual to opt-out of email addresses being processed should they wish. We also protect the privacy of their addresses and do not miss-use them marketing purposes. The primary use for email in our service is customer support, payment receipts, and account information. Individuals expect us to use their email for this purpose. We also recognise that using email for marketing communication is a more specific use case with extra PECR requirements.
IP Address, Device Info, Usage Data
This personal data refers to the IP address and other information we receive about an individual's browser, such as the type, user agent string, and cookies. It also include the usage information we collect and log about the user.
Purpose Test
We want to process this data in order to provide better security and monitoring of the service. It is in our legitimate interest to ensure that users are conforming to rules and policy, not just for us but for twitter too. We also want to process this information in order to reduce payment fraud. Processing this data allows us to improve the quality of our service by being able to identify and remove bots and fake accounts. This is essential in order for us to comply with twitter policy. It also allows us to identify security issues, such as hacking attempts. We also want to conduct long-term analytical analysis of this data in order to improve the service. This data helps us to provide support to users by being able to analyse what is occurring in their accounts and how to fix it. Individuals benefit from this data being processed by receiving a more secure and higher quality service. As fraud is reduced they see lower shared costs. HMRC also receives a benefit by being able to verify that the VAT we have collected is correct. This is done by including IP addresses and country location with transaction records.
Necessity Test
This data is essential for the purposes listed above. Many instances of fraud cannot be detected early without monitoring IP addresses. As an example, processing this data allows us to determine 99% of the time whether a credit card is being used in a different country to the one it is registered in. IP address collection is requested as part of a two-step verification by HMRC for VAT records. In many instances there is no other way to spot bots and fake accounts without using this data.
Balancing Test
Although some individuals may be harmed through the processing of this data (eg. their accounts may be suspended), this is outweighed by the vast majority of individuals who will be protected from bad accounts. Most users would expect us to process this data in order to provide a secure service, and many would consider it a dereliction of duty not to do this. As this data is kept private and protected by we feel there is little risk or impact on the user. This data is deleted when it is no longer required.
We have assessed this legitimate interest to be a lawful basis for processing this data. It is industry standard practice, is expected by the individual, and will not have an big impact on them, except where wrong-doing has been found.
Payment Information
This personal data refers to the payment information for our customers. It includes information about their payment sources, but does not include sensitive information such as full credit card numbers. If they are paying via PayPal then it will include their PayPal email address. If they are paying by card it will include partial information to identify the source, such as the last 4 digits of the card, card type, and zip code. It also includes a history of payments made.
Purpose Test
We want to be able to provide subscriptions to our users so that they can purchase advertising with us. We need to be able to process and manage payments through PayPal and Stripe in order to do this. All sensitive payment information is handled securely through these payment providers, but we need to be able to identify customers and subscriptions in order to manage their subscriptions. The customer receives a benefit by being able to easily start and stop subscriptions with minimum fuss. We have a legitimate business interest in making subscription management as easy and seamless as possible for the customer. This reduces chargebacks and refunds, and leads to greater subscriber retention. Customers want full visibility of their payments, and also want to be able to easily download invoices.
Necessity Test
This data is essential for providing a transparent and manageable subscription service. We can't provide invoice history without processing payment data. We also can't provide easy subscription termination without processing payment information.
Balancing Test
Customers clearly don't want their payment information to be misused, but they do expect it to be used for the service they have authorized. Collecting payment information provides the user with many benefits, which on balance far outweigh any risks they face. Even should this information be compromised in some way, it would not enable an attacker to process payments. We feel that most users would reasonably expect us to process this data for them.
Processing payment information is in ours and the individuals interests. It is legitimate and a lawful basis for doing so. We also provide extra comfort by allowing individuals to delete their payment information. In this instance we will delete all their payment data except for the data we are mandated to retain by HMRC.